Fedora 22 : pcre-8.38-1.fc22 (2015-eb896290d3)

high Nessus Plugin ID 89447

Synopsis

The remote Fedora host is missing a security update.

Description

This release fixes these vulnerabilies: CVE-2015-8383, CVE-2015-8386, CVE-2015-8387, CVE-2015-8389, CVE-2015-8390, CVE-2015-8391, CVE-2015-8393, CVE-2015-8394. It also fixes compiling comments with auto-callouts, compiling expressions with negated classes in UCP mode, compiling expressions with an isolated \E between an item and its qualifier with auto-callouts, a crash in regexec() if REG_STARTEND option is set and pmatch argument is NULL, a stack overflow when formatting a 32-bit integer in pcregrep tool, compiling expressions with an empty \Q\E sequence between an item and its qualifier with auto-callouts, compiling expressions with global extended modifier that is disabled by local no-extended option at the start of the expression just after a whitespace, a possible crash in pcre_copy_named_substring() if a named substring has number greater than the space in the ovector, a buffer overflow when compiling an expression with named groups with a group that reset capture numbers, and a crash in pcre_get_substring_list() if the use of \K caused the start of the match to be earlier than the end.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected pcre package.

See Also

https://bugzilla.redhat.com/show_bug.cgi?id=1287614

https://bugzilla.redhat.com/show_bug.cgi?id=1287636

https://bugzilla.redhat.com/show_bug.cgi?id=1287646

https://bugzilla.redhat.com/show_bug.cgi?id=1287659

https://bugzilla.redhat.com/show_bug.cgi?id=1287666

https://bugzilla.redhat.com/show_bug.cgi?id=1287671

https://bugzilla.redhat.com/show_bug.cgi?id=1287695

https://bugzilla.redhat.com/show_bug.cgi?id=1287702

http://www.nessus.org/u?2e94c61f

Plugin Details

Severity: High

ID: 89447

File Name: fedora_2015-eb896290d3.nasl

Version: 1.6

Type: local

Agent: unix

Published: 3/4/2016

Updated: 1/11/2021

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:C

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:pcre, cpe:/o:fedoraproject:fedora:22

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 1/4/2016

Reference Information

CVE: CVE-2015-8383, CVE-2015-8386, CVE-2015-8387, CVE-2015-8389, CVE-2015-8390, CVE-2015-8391, CVE-2015-8393, CVE-2015-8394